United States Improves Critical Infrastructure Security by Passing Five Bills

The cyber security incident that recently affected Colonial Pipeline showed the extreme need to protect our critical infrastructure. Ransomware successfully hindered the delivery of fuel to a large portion of the East Coast. Colonial Pipeline and other critical infrastructure operators could prevent cyber security incidents with enhanced security that prepares them for imminent attacks. Finally, the United States House Committee on Homeland Security recently passed five bills to increase cyber defenses for United States organizations and critical infrastructure.

 

Why Attack Critical Infrastructure?

People and organizations do not merely depend on critical infrastructure; they need it. These organizations and operations supply everyday needs to the world such as fuel, water, electricity, and more. If any of these needs are not available 24 hours a day, 7 days a week, the outage can cause immense damage.

With that in mind, critical infrastructure presents a massive target that attackers can easily breach and extort. The constant need for availability and the criticality of the infrastructure’s operations work in the attackers’ favor. Additionally, a lot of the infrastructure lacks the security controls needed to prevent a breach. These characteristics make it a prime target.

Furthermore, a critical infrastructure organization will be more willing to pay the ransom demands to quickly recover operations. In recent news, Colonial Pipeline paid $5 million to recover its systems. When victims pay the demands, attackers are more motivated to commit future attacks on other organizations and infrastructure.

 

The Five Bills

Although these security controls should have been implemented sooner, the United States House Committee on Homeland Security passed five bills to increase cyber defenses. These bills improve and enhance the cyber security defense capabilities of organizations and critical infrastructure. They include:

  • H.R. 2980, the “Cybersecurity Vulnerability Remediation Act” – This act authorizes CISA to assist critical infrastructure owners and operators with mitigation strategies against the most critical and known vulnerabilities.
  • H.R. 3138, the “State and Local Cybersecurity Improvement Act” – This act seeks authorization of a $500 million grant program that will provide State and local, Tribal and Territorial governments with funding to secure their networks.
  • H.R. 3223, the “CISA Cyber Exercise Act” – This act creates a National Cyber Exercise program within CISA. It is designed to promote regular testing and systematic assessments of preparedness and resilience to cyber attacks.
  • H.R. 3243, the “Pipeline Security Act” – This act improves the ability of the TSA to secure pipeline systems from cyberattacks, terrorist attacks, and other threats.
  • H.R. 3264, the “Domains Critical to Homeland Security Act” – This act authorizes the DHS to conduct research and development into supply chain risks for critical domains of the U.S. economy and transmit results to Congress.

 

These acts all share the same goal: to improve the security and preparedness of organizations and critical infrastructure against future attacks. As organizations and infrastructure begin to comply with these new bills, hopefully we will see critical infrastructure successfully defend itself and avoid attacks like the recent ransomware attack on Colonial Pipeline.

 

Additionally, Cyber Protection Group conducts penetration tests and vulnerability assessments to prepare and defend your networks from cyber attacks.